Getting Data In

Can I collect application logs from Azure to Splunk?

Koko12345678
Explorer

I already know that I can collect application logs into Azure application insight, and use a storage account streaming this data to event hub, but can splunk pull this data? if yes, how can I configure input in Splunk to do that.
If someone has a documentation about that it will be very helpful.

Tags (2)
0 Karma

larmesto
Path Finder

This might be helpful for anyone visiting; I have started working on an addon for Azure Event Hubs for Splunk, feel free to use it!
https://splunkbase.splunk.com/app/4343/

regards,

0 Karma

Paul1896
Path Finder

Hello larmesto,

is it possible to grab application logs which are stored in an azure event hub as well or only acitivity logs?

0 Karma

mayurr98
Super Champion

Hello

Yes, there are several apps and add-ons that are available to pull data from event hub.
have a look at this app:
https://splunkbase.splunk.com/app/3534/

Also,have a look at this detail documentation:
https://www.splunk.com/blog/2018/04/20/splunking-microsoft-azure-monitor-data-part-1-azure-setup.htm...

let me know if this helps!

0 Karma

saikiran334
Explorer

@Koko12345678, out of curiosity ,
Any how you have application logs in Azure for long term storage , and may i know why again you want to index this data from AZure to Splunk ?( any specific requirement )

0 Karma

Koko12345678
Explorer

I couldn't see anything that related to Azure application logs.
just activity log, diagnostic logs and metrics

0 Karma

mayurr98
Super Champion

well i meant that you can monitor event hub data. so it could be anything this app monitors event hub.If you send application logs to event hub add-on will get data from event hub. you can give it a try.

Another approach is using HTTP event collector.
https://github.com/Microsoft/AzureFunctionforSplunkVS
have a look at this link.
https://docs.microsoft.com/en-us/azure/monitoring-and-diagnostics/monitor-stream-monitoring-data-eve...

0 Karma

Koko12345678
Explorer

to pull data from Event Hub you need also to configure input on the add-on side, this is why I'm asking if I can configure the add-on to also pull for application logs

0 Karma

mayurr98
Super Champion

I have never tried it. But I think Yes you can configure.you can give it a try

0 Karma

Koko12345678
Explorer

ok thanks

0 Karma
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

March Community Office Hours Security Series Uncovered!

Hello Splunk Community! In March, Splunk Community Office Hours spotlighted our fabulous Splunk Threat ...

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars in April. This post ...